LINE Application Backdoor Leaves Messages Vulnerable to Seizure By Third Parties

Popular mobile messaging service LINE is the target of some accusations that it is allowing third party organizations to “listen in” and spy on its users, and that messages sent across its service are vulnerable to interception from third parties.

Reporters at Telecom Asia claim to have been able to intercept a chat session on the LINE service with help from an unidentified “industry network engineer” using packet capture software, and then from there were able to duplicate the conversation on a PC. The messages were unencrypted while using mobile networks while they were reportedly “mostly” encrypted when sent via WiFi.

It’s not clear whether Thailand — which includes 18 million of LINE’s now 230 million users — law enforcement officials are actually listening in on LINE messages, or whether Naver’s CEO’s claims hold true and chat logs can only be obtained with a Japanese court order.

The lack of encryption within LINE would allow a “man in the middle” to listen in on users’ private communications

The report claims that the lack of encryption within LINE would allow a “man in the middle” such as the NSA, GCHQ, or even an ISP to listen in on users’ private communications.

Line didn’t deny the lack of encryption via mobile networks and released the following statement:

When using Line, bugging and hacking on the users’ communications are impossible. Fundamentally, telecommunication companies’ wireless networks can’t be hacked. Also, while using other networks, such as WiFi, hacking on Line is impossible since Line uses HTTPS. Also, all types of authorization codes related with Line certification are completely encrypted. Therefore, hacking or random change in codes are basically impossible.

So will your communications via LINE be monitored? Maybe. It’s unclear whether these backdoors were placed there on purpose or if they were simply an oversight in security. Best use your own judgement until we know for sure.